diff --git a/program/serializers.py b/program/serializers.py
index 39a0176e4cc1feccf020964c2705f78d32d27661..6b47108e7ca2c7a70ad0867fd7133b2ab29681f7 100644
--- a/program/serializers.py
+++ b/program/serializers.py
@@ -89,29 +89,24 @@ class ErrorSerializer(serializers.Serializer):
 class ProfileSerializer(serializers.ModelSerializer):
     class Meta:
         model = UserProfile
-        fields = (
-            "cba_username",
-            "cba_user_token",
-            "created_at",
-            "created_by",
-            "updated_at",
-            "updated_by",
-        )
         read_only_fields = (
             "created_at",
             "created_by",
             "updated_at",
             "updated_by",
         )
+        fields = (
+            "cba_username",
+            "cba_user_token",
+        ) + read_only_fields
 
 
 class UserSerializer(serializers.ModelSerializer):
     is_privileged = serializers.SerializerMethodField()
     permissions = serializers.SerializerMethodField()
-    # Add profile fields to JSON
     profile = ProfileSerializer(required=False)
     host_ids = serializers.PrimaryKeyRelatedField(
-        many=True, queryset=Host.objects.all(), source="hosts"
+        many=True, queryset=Host.objects.all(), required=False, source="hosts"
     )
 
     class Meta:
@@ -129,7 +124,6 @@ class UserSerializer(serializers.ModelSerializer):
             "is_staff",
             "is_superuser",
             "last_name",
-            "password",
             "profile",
             "username",
         ) + read_only_fields
@@ -155,13 +149,12 @@ class UserSerializer(serializers.ModelSerializer):
         user.save()
 
         if profile_data:
-            profile = UserProfile(
+            UserProfile.objects.create(
                 cba_username=profile_data.get("cba_username").strip(),
                 cba_user_token=profile_data.get("cba_user_token").strip(),
                 created_by=self.context.get("request").user.username,
                 user=user,
             )
-            profile.save()
 
         return user
 
@@ -190,23 +183,30 @@ class UserSerializer(serializers.ModelSerializer):
 
         profile_data = validated_data.pop("profile") if "profile" in validated_data else None
 
-        if profile_data:
-            # TODO: How to hook into this from ProfileSerializer without having to call it here?
-            try:
-                profile = UserProfile.objects.get(user=instance.id)
-            except ObjectDoesNotExist:
-                profile = UserProfile.objects.create(user=instance, **profile_data)
-
-            if "cba_username" in profile_data:
-                profile.cba_username = profile_data.get("cba_username")
-
-            if "cba_user_token" in profile_data:
-                profile.cba_user_token = profile_data.get("cba_user_token")
+        try:
+            profile = instance.profile
+        except ObjectDoesNotExist:
+            profile = None
 
-            profile.updated_by = self.context.get("request").user.username
-            profile.save()
+        if profile_data:
+            if profile:
+                if "cba_username" in profile_data:
+                    profile.cba_username = profile_data.get("cba_username")
+
+                if "cba_user_token" in profile_data:
+                    profile.cba_user_token = profile_data.get("cba_user_token")
+
+                profile.updated_by = self.context.get("request").user.username
+                profile.save()
+            else:
+                UserProfile.objects.create(
+                    created_by=self.context.get("request").user.username,
+                    user=instance,
+                    **profile_data,
+                )
 
         instance.save()
+
         return instance